Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long (1) username, (2) password, or (3) PASV command.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| grant_averett | ceberus_ftp_server | 1.0 |
| grant_averett | ceberus_ftp_server | 1.01 |
| grant_averett | ceberus_ftp_server | 1.5 |
| grant_averett | ceberus_ftp_server | 1.3 |
| grant_averett | ceberus_ftp_server | 1.22 |
| grant_averett | ceberus_ftp_server | 1.1 |
| grant_averett | ceberus_ftp_server | 1.2 |
Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of "PASV" requests.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| grant_averett | ceberus_ftp_server | 1.0 |
| grant_averett | ceberus_ftp_server | 1.01 |
| grant_averett | ceberus_ftp_server | 1.5 |
| grant_averett | ceberus_ftp_server | 1.3 |
| grant_averett | ceberus_ftp_server | 1.22 |
| grant_averett | ceberus_ftp_server | 1.1 |
| grant_averett | ceberus_ftp_server | 1.2 |
Directory traversal vulnerability in Cerberus FTP Server 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the CD command.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| grant_averett | cerberus_ftp_server | * |
Grant Averett Cerberus FTP Server 2.32, and possibly earlier versions, allows remote attackers to cause an unspecified denial of service via a long string that does not contain a valid FTP command.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| grant_averett | cerberus_ftp_server | 2.32 |